At work we use a program based on MS Visual FoxPro. Even though everybody uses the same password, and the information inside the program is not very delicate, I haven't been able to get the password removed. Simply because the developers want money to do the job and my boss doesn't want to pay.
I also use a BAT file to open my most used programs and websites, which are pretty much all on auto-login. Except the MS Visual FoxPro program.
I found a BAT script somewhere that waits a certain amount of time, and then mimics keyboards entries. But for some reason it doesn't seem to work on Win10.
So I am wondering if anybody knows a way to automatically sent the password via the BAT file?
The auto-login script I mention above was found here: Automatically open a browser and login to a site?
We use AutoHotkey to automate certain tasks with our own in-house VFP application. It works well. It supports Windows 10 (though we only use it on 7 and Server 2008 here)
So you have an application developed with M$ Foxpro (one of its various versions).
I cannot speak to how the developers 'built' your application. I can only speak for the various VFP applications that I have written.
When I created applications that 'asked' for Username/Password, I compared the input values against VFP Data table field values that were stored away in an encrypted manner so that the casual 'investigator' could not easily determine the values.
That assumes that the user's were allowed to create new Username/Password combinations - thereby requiring support of dynamic entries.
However the application developers could have done it in a variety of ways:
1. Store encrypted Username/Password values into a local VFP data table.
2. 'Hard code' the Username/Password into the application code prior to compilation (most definitely NOT preferred)
3. Run the input Username/Password against a Web Service where these values are stored on THEIR central system.
With those various ways as possibilities - making it more difficult to tell you which way to go, I'd recommend considering the following:
If an issue is BUSINESS CRITICAL, don't quibble over the Dollars.
Related
I started working for a company in the field service industry. We have a program and client database build in Access. As of right now, they are scheduling their service calls in a notebook. I am trying to get this company into this era by having a web-based scheduling software.
I have basic schooling networking but I am not a programmer nor do I know Access. I have learned how to split the database and create a multi-user environment and converted it to accdb from mdb to work with Access 2013 instead of 2003 in which it was written. These steps have greatly helped but I am not sure where to go from here.
My next step is the scheduling software but the company's greatest concern is the protection of their client database. Not from outside hackers but there is always a concern of employees selling our client list to our competitors. Also, at this time, employees do not have web access for this reason, which they will need.
Is there any way to keep the accdb file from being sent via email etc. or copied to external media? If I set up permissions through the OS, won't that make the client files uneditable (for lack of a better word) in Access? Like address/tele # changes or notes? I'm not even sure what to even search for help.
Thank in advance for your time
I understand that Access 2013 can be installed on a Server 2008 R2 or 2012 server. Put a password on the database. That should keep hackers out, and as far as keeping employees out of the data that they shoudn't be in, I know the navigation bar can be hidden, but it is unfortunately able to be viewed again by the F11 key. It would've been nice if MS could have made the navigation bar ability an easy option (yes or no), and make it modifyable in VBA....They may have. Keeping users out of raw data is something I have yet to figure out too....
I'm a novice at this stuff, but I was able to write code, and a login screen of my own so that users can have their own login ID, and a password (or phrase), and enable them to change their own password if they forget it, or if they just just to change it. You can make the navigation bar disappear by the VBA code: DoCmd.LockNavigationPane True...but unfortunately F11 can re-enable it.
Hope this helps....
Can any please explain that how we can embed ms access db in our winform application so that it could easily run on other machines with just one file .EXE . i have serached a lot but still unable to find an appropriate solution for it.Thanks in advance.
Assuming you are using an MDB, then the (32 bit) database engine (JET) is part of Windows. As such, there should be no setup requirements for that. If the database is only read and not written to, then you can add it as a resource to the EXE, and when the application starts up, extract the resource into either the TEMP directory, or if it's large and you don't mind leaving caches about, into a subfolder under local application data (CSIDL_LOCAL_APPDATA). If you do the latter, then the next time the application starts it can check to see whether a valid extracted MDB already exists and use that if it does. You can do a similar thing if the database is to be written to, but only for local storage, in which case the linked-in MDB would serve as a 'template' database.
If you were using Delphi or C++ I'd also suggest investigating SQLite as a possible alternative to JET, though as it's C# I assume (the 'c' tag is a bit confusing) then you won't be able to statically link the SQLite code, which fails the standalone EXE requirement.
I'm building a Windows Store application that uses SQLite for data storage. I have found out, that the database is easily accessible through User's local folder (actually all apps have all data publicly exposed). Is there a way to at least weakly protect the database from access?
you need to look at ProtectedData class
http://msdn.microsoft.com/en-us/library/windows/apps/windows.security.cryptography.dataprotection.dataprotectionprovider.aspx
It exposes easy to use Protect / Unprotect methods that can be used to encrypt / decrypt that at app level. Encrypt data before writing to db and unencrypt before consuming
I also looking for the same solution and found sqlite-crypt at http://sqlite-crypt.com/download.htm
I don't know whether this one good enough or not. There is a trial version that limit passphrase to 6 characters and store it as plain text in the header. It won't be suitable if you want complete data protection. But for testing, maybe it's worth a try. I don't have a chance to test it yet since I still working on the server side of my project. I'll update it when I've test it in the future.
EDIT: Ok. I've test the trial version and it's worked well with modificated version of SqliteWinRT wrapper on codeplex. Note that the trial is limited to 5-6 characters of passphrase and this phasephrase is stored in plain text, plus it's in x86 compiled binary, which means it won't work for actual product which need ARM support. You have to purchase the binary to get the production-ready binaries.
I have an windows application (WPF) in which we are running on each login, however when the user first logs into a new PC the application will need to do some specific tasks, but only on the users first login and never on subsequent times.
Is there a way in .Net 3.5 to query wether the user has logged in before (ie some kind of login count)?
Failing any native support I will create a txt file in the users registry however I wanted to know if there is a native way of achieving this first.
We use redirected folders so the user may have already logged into a PC on our network these special events should only occur when the user hasnt logged in onto the PC and Windows has had to create a new profile for the user on the PC.
If I am not clearly explaining what I am seeking, please dont hesiate in letting me know.
Matt
Failing any native support I will create a txt file in the users registry however I wanted to know if there is a native way of achieving this first.
I'd recommend going with this option. Don't try to detect it, just create your own state on first run.
I suggest this, not because it is technically impossible to achieve the functionality you describe, but because it is a better user experience. It provides an easy way to re-do the action without having to recreate the user.
... a txt file in the users registry ...
I'm not sure what this means. You can create text files under the user's profile directory, and you can insert string values in the registry (but not files of any sort).
As for the particular mechanism, I suggest you consider:
An App.Config value. Clearing out the value is easier to support or batch-script than a registry value, and makes the user less scared that their machine will explode if you have to tell them to edit the settings. Users are scared of the registry.
A sentinel text file under the user profile directory. Wiping out the file is super-easy to support and batch-script. Instead of editing a text file, they can just delete one. But this makes it so you have multiple config mechanisms, so multiple points of failure. I'd only do this if I were using the App.Config for additional settings in the program and thought the user wouldn't be technical enough to hand edit it.
The windows registry. Remote registry access might be easier than remote file access, if you're having to do remote troubleshooting. It also might be easier to mess with via group policy, in case this is an intranet app and you need to force a re-run on all machines in your org.
I'd carefully consider my options and which is most likely to ease support (be understandable by my users) before committing to one. I'd also consider the remote-troubleshooting/remote reset scenario.
This may not be what you're looking for but I'm hoping it will help you anyway.. I do not know from the top of my head how to do this in WPF but I do know you can use an "unattend.xml" file and the FirstLogonCommands to execute a script or application on first logon. I have used this for Windows 7, it may not apply to XP.
For Windows.Forms, I have an application that needs to get a unique install id for each install from my server, and then persist this data so once registered, the install ID is included on all communications back to the server. The application is in occasional contact with the server.
How can I persist this data on the client in a way that is not easily tampered with?
First, you should note that if the data is on the local file system and your application can read and write it, it will always be possible for a determined user to tamper with it... perhaps not easy, but possible nonetheless.
That said, there are a number of options you could consider, including (but not limited to) :
encrypting the data with a key defined in your assembly : pretty safe is the user has no programming skills, but an advanced user could disassemble your app to find the key. Obfuscation could make it harder to extract the key, but not impossible.
using an isolated storage : I'm not sure whether the data is encrypted or not, but at least it's not easily found, hidden in a deep folder hierarchy... Not so safe is the user knows where to look, however
writing the data in a binary format, which makes it harder to read or modify for a non expert user
using a piece of native code to encrypt the data : similar to the first option, but a native DLL is harder to disassemble than a .NET assembly, so it requires more skills to find the key
Again, all these approches are not bulletproof : as long as your program can access the data, an advanced user could always reverse engineer it and do the same...
You could save the data in the windows registry. You'll use the [HKCU\Software\YourAppName] hive key if it's a per-user setting, or [HKLM\Software\YourCompany] if it's a global setting. However, the data would need to be encrypted, because its trivila to get the values in these keys